cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8174
Views
0
Helpful
9
Replies

Cisco SA520W IPSEC VPN with Cisco VPN Client

dominik.lang
Level 1
Level 1

Hi

I have a problem to configure a IPSEC VPN on the SA520W ( 1.0.39) with Cisco VPN Client (5.0.05.290)

In the logs are following error:

ERROR:  Could not find configuration for x.x.x.x
ERROR:  Could not find configuration for x.x.x.x
ERROR:  Could not find configuration for x.x.x.x
ERROR:  Could not find configuration for x.x.x.x

I think it´s a problem in the configuration:

cisco vpn.PNG

connection name:     OK

pre-shared key:         OK

local wan interface:     OK

For "Remote & Local WAN Adresses" i don´t now what they mean.

Thanks for help

9 Replies 9

Alejandro Gallego
Cisco Employee
Cisco Employee

Unfortunately the SA will only work with QuickVPN and will not work with Cisco VPN clients. The Cisco VPN clients typically are setup with groups and users, similar to QVPN (minus the groups) but also with access rules depending on what the client is allowed to connect to. The SA and all the Small Business routers do not have these settings.

The screenshot that you posted is to set up a Client to Gateway IPSec tunnel. The "Remote and Local" addresses would be referencing your router's WAN to accept the connection (if you have multiple public IPs) and the Client's WAN IP. Again, we can't use this set up for client access (as in workstation) for either Cisco or QVPN.

For QVPN you just need to create users under the IPSec section, then users. When you create an user select QVPN and fill in the rest.

Hope this helps.

is it planned that in future the cisco vpn client works with the sa520?

because in our company we use the asa 5510 and i use the sa520 at home and it is possible that i can use 1 vpn client for both systems

can i create a site2site connection between an asa55xx and a sa520?

thanks

I do not beleive we will be seeing a Cisco VPN client that will cover all platforms any time soon, but you never know. Yes, you can absolutely create a Gateway to Gateway tunnel to any IPSec capable router.

EDIT:

forgot to mention that shrewsoft vpn client should work for the ASA; it works perfect with the SA500 series routers. That should give you one VPN client for both sites without having to be locked down to gateway-to-gateway.

Hi, I would like your help why I have problem with vpn configuration with Shrewsoft to SA 520.

On Cisco appliance I have configured an VPN with ipsec user and PSK but when I try to connect I have in log:

2010-02-12 09:04:55: INFO:  Adding IPSec configuration with identifier "damorvpn" 2010-02-12 09:04:55: INFO:  Adding IKE configuration with identifer "myvpn" 2010-02-12 10:14:05: ERROR:  Could not find configuration for 217.x.y.z[500]

I have used the default parameter on Cisco and in vpn client I have used:

Authentication Method --> Mutual PSK+XAuth

Identification Type: FQDN --> local.com

Remote Identity: Any

..and all parameters are default.

On Shrewsoft I have:

config loaded for site 'myvpn'

configuring client settings ...

attached to key daemon ...

peer configured

iskamp proposal configured

esp proposal configured

client configured

local id configured

pre-shared key configured

bringing up tunnel ...

negotiation timout occurred

tunnel disabled

detached from key daemon ...

I very much hope in a your help, thanks.

-

Salvatore.

Can you post a config example between a SA520 and an ASA5510 IPSec VPN?

Satbir Singh
Level 1
Level 1

Hey I' ve got the Solution. it really works, I've searched for a solution as well and couldn' t find it on the web. I' ve made a Howto in PDF but sorry can't upload it here. I' ve used a Cisco SA520W device with Firmware version 2.1.71 and Cisco VPN-Client version 5.0.07.041. If anybody want my Howto shell PM me.

Hi Thanks for posting those screen shots. I will really help me out in my test deployments. No only if the Cisco AnyConnect VPN system that is on the ISR/ASA could be posted over to the SA5xx.

That would make our lives so much easier.

Michael Peterman

barbermania
Level 1
Level 1

From what I understand, the SA520 is supposed to be able to use the Cisco VPN Client.  I've configured according to the pictures above but to no avail.  I updated to firware version 2.2.0.7, but still nothing.  Are there any special settings in the Cisco VPN client that I need, or a certain verison that I have to use?

To give some background.  The SA520 that I have was preloaded with 2.1.72 and the Cisco VPN client worked great, but I could not do any VPN passthrough for a PPTP server.  Reverted it back to 2.1.71 (it was the only supported version at the time, and it broke the Cisco VPN client but fixed the PPTP).  So I know the config I have is good, but the change in firmware "screwed" me.

Are there any other suggestions on setup rather than using the wizard and checkin the Cisco VPN client box to help with setup?